Phishing attacks have come a long way from the spray-and-pray emails of just a few decades ago. Now they’re more targeted, more cunning and more dangerous. And this enormous security gap leaves you open to business email compromise, session hijacking, ransomware and more.
Join Roger Grimes, KnowBe4’s...
Ransomware actors have taken a page from the playbooks of tech support scammers of yore by guiding victims to download malware through persuasion over the phone. Microsoft says the technique is more dangerous than it first realized.
The Biden administration formally accused China's Ministry of State Security of conducting a series of attacks against vulnerable Microsoft Exchange servers earlier this year that affected thousands of organizations. This group is also accused of carrying out ransomware and other cyber operations.
In the latest weekly update, four editors at Information Security Media Group discuss important cybersecurity issues, including the challenges ahead for the new director of the U.S. Cybersecurity and Infrastructure Security Agency and vendor security risk management in the healthcare sector.
In a multinational effort led by the Dutch National Police, authorities seized servers and web domains used by DoubleVPN, a Russia-based company that allegedly provided a safe operating infrastructure for cybercriminals, according to Europol.
DevOps-driven adoption of new
technologies and processes
may mean security is an afterthought
and can expose new
gaps in security coverage and
Download this whitepaper which provides an overview of what DevSecOps is and how organizations can adopt its
practices in conjunction with technologies...
Kubernetes-native security is based on a single principle: security is implemented most effectively
when it is aligned with the system that is responsible for managing all of an organization’s containerized
Download this whitepaper which explores the six characteristics a security platform must...
The world has changed over the past year, but cyberthreats never rest. According to the report, 86 percent of organizations experienced at least one successful cyberattack last year. The more you know about how your peers are handling the most serious threats, the more effectively you can secure your own...
According to a Threat Landscape Trends report for Q2 2020, cryptojacking saw a 163% increase in detections, compared to previous quarters. 35% of organizations indicated in a survey by NinjaRMM, that ransomware attacks resulted in up to $5 million in damages. Similarly we see an explosion in DDoS attacks. In times...
The Department of Justice announced Tuesday that it has seized two domains that were used during a recent phishing campaign that targeted a marketing firm used by the U.S. Agency for International Development - USAID - to send malicious messages to thousands of potential victims.
The average amount of time that online attackers camp out in a victim's network - or "dwell time" - has been declining, FireEye's Mandiant incident response group reports. But the surge in ransomware accounts for some attacks coming to light more quickly because those attackers announce their presence.
New encryption standards TLS 1.3 and DNS-over-HTTPS (DoH) will soon sweep away security controls. Security professionals must act within the next two years or they won't be able to analyze network traffic and detect cyberthreats.
Download the Forrester report —Maintain Security Visibility in the TLS 1.3 Era —...
1,778 IT and IT security professionals across North America, Latin America, the UK and Europe responded to a new study by the Ponemon Institute, and their responses deliver a clear message to CISOs.
The study tracks the level of importance placed on security analysts, as well as the state of maturity...
Brokerage account takeover, supply chain attacks, destructive attacks and those that seek to manipulate time or time stamps are among the latest threats uncovered in the new Modern Bank Heists report authored by Tom Kellermann at VMware Carbon Black.
Today's credential based threats
are complex, often touching many systems, using
multiple log-ins, and spanning a period of several
months. These insider threats involve the legitimate
credentials and access privileges of real users,
making them challenging for legacy security solutions